During a recent team meeting, it was our suggested our audience would love to learn more about the differences between Salesforce Marketing Cloud, which offers a digital marketing platform, and our own Paubox Marketing.
This post will compare and contrast Salesforce Marketing Cloud and Paubox as it relates to HIPAA compliant email.
About Salesforce Marketing Cloud
Salesforce Marketing Cloud (SFMC) is a digital marketing automation platform offered by Salesforce. It provides a suite of tools for businesses to create and manage marketing campaigns across various channels, including email, social media, mobile, and the web.
The platform allows users to segment and target specific customer groups, automate personalized communication, and track the effectiveness of marketing efforts.
Prior to its acquisition by Salesforce in 2013, the company was founded in 2000 under the name ExactTarget. It was renamed to Salesforce Marketing Cloud in 2014.
About Paubox Marketing
Paubox Marketing is an email marketing automation platform built specifically for U.S. healthcare organizations. It provides a set of API-based services for covered entities and business associates to create and manage email marketing campaigns.
Using a patented approach, the solution allows customers to personalize email campaigns with PHI (protected health information) and track results with realtime analytics. In addition, the Paubox Marketing API is available to customers to use.
Paubox launched in 2015 and currently has over four thousand customers in all 50 states.
Is Salesforce Marketing Cloud HIPAA compliant?
There are several things to consider when it comes to Salesforce Marketing Cloud and its ability to provide HIPAA compliant email.
First, let’s start with a quick recap of terms. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that protects the privacy of individuals’ personal health information, otherwise known as PHI.
As we’ve previously discussed, HIPAA applies to covered entities, which includes healthcare providers, health plans, and healthcare clearinghouses. It also applies to business associates of these covered entities. These are entities that perform certain functions or activities on behalf of the covered entity.
A business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.
We’ve written in the past about Salesforce Marketing Cloud and its stance on HIPAA compliance.
In a nutshell, Salesforce was willing to sign a BAA for Marketing Cloud in 2019, although the scope of coverage was quite limited.
As of 2023 however, we were unable to find Salesforce Marketing Cloud as a HIPAA Covered Service in the Salesforce Business Associate Addendum Restrictions page. We are left to conclude Salesforce is no longer offering Marketing Cloud as a HIPAA compliant service.
Is Paubox HIPAA compliant?
Paubox provides a BAA for all paid and freemium customers.
In addition, the following solutions are HITRUST CSF certified:
While an official HIPAA compliance certification does not exist, it’s widely acknowledged HITRUST CSF is the closest thing to it. In a nutshell, not only is Paubox HIPAA compliant, but its solutions are also HITRUST CSF certified.
Both Salesforce Marketing Cloud and Paubox offer an email marketing automation platform that alleviates the need for customers to fret about infrastructure and maintenance of in-house email marketing systems.
Salesforce Marketing Cloud however, is no longer listed as a HIPAA Covered Service by Salesforce. We are therefore left to conclude it is not a HIPAA compliant solution.
Paubox on the other hand, was built from the ground up to provide secure, easy-to-use, HIPAA compliant email. This is apparent from its technical design (four patents and counting), HITRUST CSF certification since 2019, and inclusion of a business associate agreement for all customers (paid and freemium).